A curated list of tools used by Bug Bounty hunters and security researchers for testing web applications, APIs, mobile apps, cloud applications, and network infrastructure. These tools assist in reconnaissance, scanning, fuzzing, exploitation, and reporting vulnerabilities.
- Reconnaissance
- Subdomain Enumeration
- Web Application Testing
- API Security Testing
- Mobile App Security Testing
- Cloud Security Testing
- Network Security Testing
- Vulnerability Scanners
- Fuzzing Tools
- Exploitation Tools
- Reporting & Automation
Tools for gathering public information about the target.
- Amass - In-depth reconnaissance and DNS enumeration
- Assetfinder - Find related domains
- Hakrawler - Crawl web applications for endpoints
- Gauplus - Fetch URLs from various sources
- Waybackurls - Fetch URLs from the Wayback Machine
- Katana - Advanced web crawler
- Findomain - Fast domain discovery
- ParamSpider - Mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing
Essential for mapping an application's attack surface.
- Subfinder - Passive subdomain discovery
- Sublist3r - Subdomain enumeration using multiple sources
- Knockpy - Subdomain discovery using dictionary attack
- Chaos - Find bug bounty subdomains from Chaos DB
Tools for testing security vulnerabilities in web applications.
- Burp Suite - Web security testing framework
- OWASP ZAP - Open-source web application scanner
- SQLmap - Automated SQL injection tool
- XSStrike - Advanced XSS scanner
- Nuclei - Fast vulnerability scanner using custom templates
- Kxss - Detect cross-site scripting (XSS) vulnerabilities
- CRLFuzz - Detect CRLF injection vulnerabilities
Tools for testing REST, GraphQL, and SOAP APIs.
- Postman - API testing and security research
- GraphQLmap - Automated GraphQL security testing
- NoSQLMap - Detect and exploit NoSQL injection vulnerabilities
- JWT_Tool - Manipulate and test JWT tokens
- Kiterunner - Brute-force API endpoints
Tools for testing Android and iOS applications.
- MobSF - Mobile security testing framework
- Frida - Dynamic instrumentation toolkit for runtime manipulation
- Objection - Runtime mobile security assessment toolkit
- APKTool - Reverse engineer Android apps
- Dex2Jar - Convert Android DEX files to JAR
Tools for testing AWS, Azure, GCP, and other cloud platforms.
- CloudBrute - Cloud asset discovery
- Pacu - AWS penetration testing toolkit
- CloudMapper - Visualize cloud assets and permissions
- ScoutSuite - Multi-cloud security auditing tool
Tools for assessing network security vulnerabilities.
- Nmap - Network scanning and fingerprinting
- Masscan - Fast network scanning
- Shodan - Internet-wide network reconnaissance
- RustScan - Fast network port scanning
- Zmap - Large-scale network scanner
- NetFuzzer - NetFuzzer is a comprehensive network security assessment tool
Automated tools for identifying vulnerabilities.
- NucleiFuzzer - A Powerful Automation Tool for Web Vulnerability Scanning
- Nessus - Commercial vulnerability scanner
- OpenVAS - Open-source vulnerability scanner
- Nikto - Web server vulnerability scanner
- WhatWeb - Detect web technologies and vulnerabilities
Tools for fuzzing web applications and APIs.
- ffuf - Fast web fuzzing
- wfuzz - Web application fuzzing
- Dirsearch - Directory brute-forcing
- Gobuster - Directory and DNS brute-forcing
Tools for exploiting discovered vulnerabilities.
- Commix - Automated All-in-One OS Command Injection Exploitation Tool
- Dalfox - Dalfox is a powerful open-source XSS scanner and utility focused on automation
- Metasploit - Exploitation framework
- Xsploit - Exploit automation
- RouterSploit - Exploiting routers and IoT devices
Tools for automating recon and reporting vulnerabilities.
- Bugcrowd Templates - Reporting templates
- HackerOne Templates - Reporting guidelines
- ReconFTW - Automated recon tool
- BountyIt - Bug bounty automation
If you have any additional tools to suggest, feel free to submit a pull request!
This project is licensed under the MIT License.